Apple SUS server 5.2: Re-enabling & Re-activating Updates?

Valued Contributor II

Has anyone else seen OS X Server’s SUS server re-enable a software update after it was explicitly removed/disabled by the admin?

I'm seeing a situation in which both Safari 10.0 and 10.0.1 are both getting downloaded and enabled - against my will! I'm runnning my SUS 5.2 on OS X 10.11.6.

It's a pain because I have a couple intranet services that don't work with Safari 10 yet (ADFS, ServiceNow etc).

My end user’s Macs are magically getting Safari 10.x from my SUS. Every time I check the SUS Safari 10 is downloaded and enabled again. Doh!

I have seen Apple's SUS do weird things in the past - but not this.


Contributor III

I've seen this with ours. With Apple sunsetting SUS anyway, we decided to just start ignoring updates via a policy that runs a script like this:


# Reset existing ignored updates in the softwareupdate service

sudo softwareupdate --reset-ignored

# Set software updates in the array "updatesToIgnore" to be ignored by the softwareupdate service

updatesToIgnore=( Safari10.0ElCapitan Safari10.0Yosemite )

for badUpdate in "${updatesToIgnore[@]}"
    sudo softwareupdate --ignore "$badUpdate"